Contributor

macOS Big Sur - VMware Fusion 12 not working anymore when host is connected to VPN

Hello,

I've updated my macOS from Catalina to Big Sur, and since then I also had to upgrade from VMware Fusion 11 to VMware Fusion 12.

I've been using ExpressVPN for a couple of months, and usually I connect the host machine to the VPN and then I'm also able to have my guest machines under the VPN. Now, however, every time I connect to the VPN the guest machines simply can't access the network anymore. Any idea how to solve this issue?

VMware machine network configurations:

  • I've tried my network adapter using the default configuration (Share with my Mac - NAT)
  • I've also tried with custom vmnet
47 Replies
Contributor

The technical preview resolves the NAT issue for me. I only use the VM as a passthrough for network isolation, so I cannot speak to other compatibilities.

https://blogs.vmware.com/teamfusion/2020/07/fusion-big-sur-tech-preview.html

0 Kudos
Champion

That's an early beta version of Fusion 12 - you regressed to it and then it works?

0 Kudos
Contributor

<slaps forehead>

0 Kudos
Contributor

@dlhotka correct. From the release notes, I didn't get the impression from the build that it was a v12 beta: VMware-Fusion-e.x.p-16530630.dmg

Apple has been progressively deprecating 3rd party Kernel Extensions or “kexts” which Fusion needs to run VMs and containers. In order to continue to operate in this model, we’ve re-architected our hypervisor stack to leverage Apple’s native hypervisor APIs, allowing us to run VMs without any kernel extensions.

0 Kudos
Champion

Yeah, that was the beta for Fusion 12 from earlier this year. Fusion 12 is the release version that is compatible with Big Sur.

0 Kudos
Contributor

Currently I am running Big Sur with Cisco AnyConnect 4.9.0443 and Fusion 12.1.

To date I have tried the following and have yet to find a working solution:

1. pfctl commands (in my situation they were already established)

sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null 

nat on utun6 inet from 172.16.99.0/24 to any -> (utun6:0) extfilter ei

nat on en8 inet from 172.16.99.0/24 to any -> (en8:0) extfilter ei

no nat on bridge100 inet from 172.16.99.1 to 172.16.99.0/24

2. Static IP vs DHCP address on the VM guest OS.

3. Upgrading to Fusion 12.1

Current network setup:

VMware - 172.16.99.0/24

Mac (en8) - 192.168.1.0/24

utun6 (AnyConnect) - 10.210.170.0/24


Tcpdump results

I see the packets on the bridge as the 172.16.99.0/24 address going to external addresses or intranet addresses (AnyConnect).

With external addresses - On the Mac interface en8, the same 172.16.99.0/24 address appears, which doesn't look like the pfctl NAT is being applied correctly.

With intranet addresses (AnyConnect) - On the AnyConnect interface there are no packets being seen.

VMware's workaround is to connect the VPN client from the VMware OS, and not the host OS.

Is there another solution that I have yet to try?


TIA

Bryan

0 Kudos
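
The comparison described in the post above (NAT rules present, yet the guest subnet still visible on the egress interface) can be scripted. The following is an added example, not part of the original thread: the rule text and subnet are taken from the post, while the tcpdump lines, the guest address 172.16.99.128 and the destination 203.0.113.10 are constructed.

```python
import ipaddress
import re

VM_SUBNET = ipaddress.ip_network("172.16.99.0/24")  # Fusion NAT subnet from the post
# NAT rules exactly as quoted in the post.
PF_NAT = """\
nat on utun6 inet from 172.16.99.0/24 to any -> (utun6:0) extfilter ei
nat on en8 inet from 172.16.99.0/24 to any -> (en8:0) extfilter ei
no nat on bridge100 inet from 172.16.99.1 to 172.16.99.0/24
"""

# Constructed `tcpdump -n` lines per interface; guest and destination IPs are made up.
CAPTURES = {
    "bridge100": ["12:00:01.000001 IP 172.16.99.128.51514 > 203.0.113.10.443: Flags [S], length 0"],
    "en8": ["12:00:01.000050 IP 172.16.99.128.51514 > 203.0.113.10.443: Flags [S], length 0"],
    "utun6": [],
}

RULE_RE = re.compile(r"^nat on (\S+) inet from (\d[\d./]*) to any")
PKT_RE = re.compile(r"\bIP (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:")

def nat_interfaces(pf_output, subnet):
    """Interfaces with a translating rule whose source covers the guest subnet."""
    found = set()
    for line in pf_output.splitlines():
        m = RULE_RE.match(line.strip())
        if m and subnet.subnet_of(ipaddress.ip_network(m.group(2))):
            found.add(m.group(1))
    return found

def leaked_sources(lines, subnet):
    """Guest source addresses that show up untranslated in a capture."""
    hits = (PKT_RE.search(line) for line in lines)
    return sorted({m.group(1) for m in hits if m and ipaddress.ip_address(m.group(1)) in subnet})

def diagnose(pf_output, captures, subnet=VM_SUBNET):
    """Verdict for each interface that has a NAT rule, based on its capture."""
    result = {}
    for iface in sorted(nat_interfaces(pf_output, subnet)):
        lines = captures.get(iface, [])
        if not lines:
            result[iface] = "no packets captured"
        else:
            result[iface] = "untranslated" if leaked_sources(lines, subnet) else "translated"
    return result

if __name__ == "__main__":
    for iface, verdict in diagnose(PF_NAT, CAPTURES).items():
        print(f"{iface}: {verdict}")
```

With this sample data, en8 is reported as untranslated and utun6 as having no packets, matching the two cases in the post; bridge100 is skipped because its only rule is a `no nat` exemption.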
Contributor

I upgraded to 12.1 and this is what I'm seeing: I have multiple NAT-configured VMs. From a completely powered-off state, I boot one at a time. NAT interface works for the first NAT interface to come up, but none of the other machines' NAT interfaces work. All machines get proper IP association and DHCP. I have to shut down everything, close Fusion, and bring the ONE machine that I want to use back online from a powered-down state. Hopefully this helps with some diagnostics.

0 Kudos
Contributor

More experimenting. If I create an isolated NAT network for each VM on the host, I can get network to work on each individual VM simultaneously. I don't need the VMs to talk to one another, so this workaround is fine for me, for now.

0 Kudos